
CVE-2025-5335: CWE-426 Untrusted Search Path in Autodesk Installer

Severity: High
Tags: Vulnerability, CVE-2025-5335, cwe-426
Published: Tue Jun 10 2025 (06/10/2025, 14:50:15 UTC)
Source: CVE Database V5
Vendor/Project: Autodesk
Product: Installer

Description

A maliciously crafted binary file when downloaded could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to an untrusted search path being utilized in the Autodesk Installer application. Exploitation of this vulnerability may lead to code execution.

AI-Powered Analysis

Last updated: 07/11/2025, 00:48:10 UTC

Technical Analysis

CVE-2025-5335 is a high-severity vulnerability classified under CWE-426 (Untrusted Search Path) affecting the Autodesk Installer version 2.13. This vulnerability arises because the installer application improperly handles the search path for executable binaries, allowing a maliciously crafted binary placed in a location that the installer searches before the legitimate system binaries to be executed with elevated privileges. Specifically, when a user downloads and runs the compromised installer, the untrusted search path can be exploited to escalate privileges to NT AUTHORITY/SYSTEM, the highest level of privilege on Windows systems. This escalation occurs without requiring prior authentication but does require user interaction (running the installer).

The vulnerability impacts confidentiality, integrity, and availability since an attacker can execute arbitrary code with system-level privileges, potentially leading to full system compromise, data theft, or disruption of services. The CVSS 3.1 base score of 7.8 reflects the high impact and relatively low complexity of exploitation, given that the attacker must trick a user into running the installer but does not need prior access or complex conditions. No known exploits are currently reported in the wild, and no patches have been published yet, increasing the risk window for affected users.

Autodesk Installer is widely used in organizations that deploy Autodesk software products, which are prevalent in design, engineering, and manufacturing sectors. The vulnerability's root cause is the insecure handling of the search path, a common software development oversight where the application does not specify absolute paths or properly sanitize the environment, allowing attackers to insert malicious binaries that get executed with elevated privileges during installation or update processes.

Potential Impact

For European organizations, this vulnerability poses a significant risk, especially for industries relying heavily on Autodesk products such as architecture, engineering, construction, and manufacturing. Successful exploitation can lead to full system compromise, enabling attackers to steal intellectual property, disrupt critical design workflows, or deploy ransomware and other malware. Given the high privileges gained, attackers could move laterally within corporate networks, compromising additional systems and sensitive data. The impact extends to operational downtime, financial losses, reputational damage, and potential regulatory penalties under GDPR if personal data is affected. The requirement for user interaction (running the installer) means that social engineering or phishing campaigns could be used to trick employees into triggering the exploit. The lack of a patch at the time of disclosure increases the urgency for organizations to implement interim mitigations. Additionally, the vulnerability could be leveraged in targeted attacks against European companies with strategic importance in infrastructure and manufacturing sectors, amplifying geopolitical risks.

Mitigation Recommendations

1. Until Autodesk releases an official patch, organizations should restrict the use of Autodesk Installer version 2.13 by implementing application whitelisting and execution control policies to prevent unauthorized or unverified installers from running.
2. Educate users about the risks of running installers from untrusted sources and enforce strict download policies, including verifying digital signatures and hashes of installation files.
3. Employ endpoint detection and response (EDR) solutions to monitor for suspicious activities related to installer execution and privilege escalation attempts.
4. Harden the environment by restricting write permissions to directories included in the system PATH environment variable to prevent attackers from placing malicious binaries in these locations.
5. Use Group Policy or other configuration management tools to enforce safe search path practices and environment variable restrictions.
6. Monitor network traffic and logs for unusual installer-related activities and prepare incident response plans specifically addressing privilege escalation scenarios.
7. Once available, promptly apply Autodesk's security updates and verify the integrity of the installer binaries before deployment.
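
A check for recommendation 4, as an added example (not Autodesk's code and not part of the original analysis): it lists directories in the machine PATH where a low-privileged group holds an allow ACE that permits creating or replacing files. The function name `Get-WritablePathDirectory` and the set of SIDs treated as low-privileged are assumptions of this example.

```powershell
# Added example: find machine PATH directories that low-privileged users can write to.
# SIDs are matched instead of names so the check also works on localized Windows.
$LowPrivSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}
# Rights that allow planting or replacing a file, plus GENERIC_WRITE and GENERIC_ALL.
$Risky = [int][System.Security.AccessControl.FileSystemRights]'CreateFiles, AppendData, ChangePermissions, TakeOwnership'
$Risky = $Risky -bor 0x40000000 -bor 0x10000000

function Get-WritablePathDirectory {
    # Assumption: by default the machine-wide PATH is audited; pass another value to test it.
    param([string]$PathValue = [Environment]::GetEnvironmentVariable('Path', 'Machine'))

    $dirs = $PathValue -split ';' |
        ForEach-Object { [Environment]::ExpandEnvironmentVariables($_.Trim().Trim('"')) } |
        Where-Object { $_ } | Select-Object -Unique

    foreach ($dir in $dirs) {
        if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
            # A PATH entry that does not exist can be populated by whoever is able to create it.
            [pscustomobject]@{ Directory = $dir; Principal = '-'; Rights = '-'; Finding = 'Missing directory' }
            continue
        }
        $acl = Get-Acl -LiteralPath $dir
        foreach ($ace in $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])) {
            $sid = $ace.IdentityReference.Value
            # PropagationFlags.InheritOnly (2): the ACE applies to children, not to this directory.
            $inheritOnly = ([int]$ace.PropagationFlags -band 2) -ne 0
            if ($ace.AccessControlType -ne 'Allow' -or $inheritOnly -or -not $LowPrivSids.ContainsKey($sid)) { continue }
            if (([int]$ace.FileSystemRights -band $Risky) -ne 0) {
                [pscustomobject]@{
                    Directory = $dir
                    Principal = $LowPrivSids[$sid]
                    Rights    = $ace.FileSystemRights
                    Finding   = 'Writable by low-privileged principal'
                }
            }
        }
    }
}

Get-WritablePathDirectory | Format-Table -AutoSize -Wrap
```

An empty result means no audited PATH directory grants these groups write access; the per-user PATH and the directory an installer is launched from are not covered by this check.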


Technical Details

Data Version: 5.1
Assigner Short Name: autodesk
Date Reserved: 2025-05-29T14:52:55.445Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68487f551b0bd07c3938a3fa

Added to database: 6/10/2025, 6:54:13 PM

Last enriched: 7/11/2025, 12:48:10 AM

Last updated: 8/5/2025, 6:40:27 PM
